keepalived+nginx双机热备+负载均衡

ybaidukuai

keepalived+nginx双机热备+负载均衡



最近因业务扩展，需要将当前的apache 转为nginx(web), 再在web前端放置nginx(负载均衡)。同时结合keepalived 对前端nginx实现HA。

nginx进程基于于Master+Slave(worker)多进程模型，自身具有非常稳定的子进程管理功能。在Master进程分配模式下，Master进程永远不进行业务处理，只是进行任务分发，从而达到Master进程的存活高可靠性，Slave(worker)进程所有的业务信号都 由主进程发出，Slave(worker)进程所有的超时任务都会被Master中止，属于非阻塞式任务模型。

Keepalived是Linux下面实现VRRP 备份路由的高可靠性运行件。基于Keepalived设计的服务模式能够真正做到主服务器和备份服务器故障时IP瞬间无缝交接。二者结合，可以构架出比较稳定的软件lb方案。









准备4台电脑来做这个实验:



192.168.232.132        web服务器

192.168.232.133        web服务器

192.168.232.134        keepalived nginx

192.168.232.135        keepalived nginx



虚拟IP (VIP)：192.168.232.16



134\135两个主机配置虚拟IP



下面以135为例：



vi /etc/sysconfig/network-scripts/ifcfg-eth2:0



DEVICE=eth2:0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
DNS1=192.168.232.2
IPADDR=192.168.232.16
NETMASK=255.255.255.0
GETWAY=192.168.232.2





service network restart



使用ifconfig查看效果：

eth2      Link encap:Ethernet  HWaddr 00:0C:29:49:90:5B  
inet addr:192.168.232.135  Bcast:192.168.232.255  Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe49:905b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:66322 errors:0 dropped:0 overruns:0 frame:0
TX packets:31860 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:67624991 (64.4 MiB)  TX bytes:2723877 (2.5 MiB)
Interrupt:19 Base address:0x2000
eth2:0    Link encap:Ethernet  HWaddr 00:0C:29:49:90:5B  
inet addr:192.168.232.16  Bcast:192.168.232.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
Interrupt:19 Base address:0x2000
lo        Link encap:Local Loopback  
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:22622 errors:0 dropped:0 overruns:0 frame:0
TX packets:22622 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1236328 (1.1 MiB)  TX bytes:1236328 (1.1 MiB)



         

说明生效了。



134\135两个主机安装keepalived和nginx



nginx安装：



1、导入外部软件库

rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/i386/epel-release-6-5.noarch.rpm

rpm -Uvh http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/i386/ius-release-1.0-10.ius.el6.noarch.rpm

rpm -Uvh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm

以下添加注释

mirrorlist=http://dmirr.iuscommunity.org/mirrorlist?repo=ius-el6&arch=$basearch

以下删除注释

#baseurl=http://dl.iuscommunity.org/pub/ius/stable/Redhat/5/$basearch

2、yum安装nginx

yum install nginx



keepalived安装：



安装依赖

yum -y install gcc gcc+ gcc-c++

yum install popt-devel openssl openssl-devel libssl-dev libnl-devel popt-devel



安装内核

yum -y install kernel kernel-devel

当前kernel代码建立连接 ln -s /usr/src/kerners/2.6....../ /usr/src/linux



安装keepalived

wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz

tar -zxvf keepalived-1.2.2.tar.gz  

cd keepalived-1.2.2  

./configure  

make  

make install   



拷贝相应的文件



cp /usr/local/sbin/keepalived /usr/sbin/

cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/  

cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/  

cp -r /usr/local/etc/keepalived/ /etc/  



配置keeplived和nginx主机



134/135执行都执行以下操作：

vi /etc/nginx/conf.d/default.conf

server {
listen       8088;
server_name  localhost;
location / {
root   /var/www/html;
index  index.html index.htm;
}
error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   /usr/share/nginx/html;
}
}

135执行以下操作：

vi /var/www/html/index.html

<html>  
<head>  
<title>Welcome to nginx!</title>  
</head>  
<body bgcolor=&quot;white&quot; text=&quot;black&quot;>  
<center><h1>Welcome to nginx! 192.168.232.135</h1></center>  
</body>  
</html>

134执行以下操作：

vi /var/www/html/index.html

<html>  
<head>  
<title>Welcome to nginx!</title>  
</head>  
<body bgcolor=&quot;white&quot; text=&quot;black&quot;>  
<center><h1>Welcome to nginx! 192.168.232.134</h1></center>  
</body>  
</html>

134执行以下操作：

vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
notification_email {
#acassen@firewall.loc
#failover@firewall.loc
#sysadmin@firewall.loc
}
#notification_email_from Alexandre.Cassen@firewall.loc
#smtp_server 192.168.200.1
#smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script &quot;</dev/tcp/127.0.0.1/8088&quot;
interval 1
weight -2
}
vrrp_instance VI_1 {
state MASTER
interface eth2
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.232.16
}
track_script {
chk_http_port
}
}   

135执行以下操作：

vi /etc/keepalived/keepalived.conf

! Configuration File for keepalived
global_defs {
notification_email {
#acassen@firewall.loc
#failover@firewall.loc
#sysadmin@firewall.loc
}
#notification_email_from Alexandre.Cassen@firewall.loc
#smtp_server 192.168.200.1
#smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_http_port {
script &quot;</dev/tcp/127.0.0.1/8088&quot;
interval 1
weight -2
}
vrrp_instance VI_1 {
state BACKUP
interface eth2
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.232.16
}
track_script {
chk_http_port
}
}

Tips：



state   参数&#20540;：主的是MASTER、备用的是BACKUP

priority 参数&#20540;： MASTER > BACKUP

virtual_router_id： 参数&#20540;要一样



测试测试：



两台测试机134\135均启动keepalived和nginx

service keepalived restart

service keepalived nginx



验证nginx启动正常：

访问 master：http://192.168.232.134:8088/

访问 backup: http://192.168.232.135:8088/



查看keepalived的日志信息：



134\135均打开日志信息方便查看keepalived动态：

tail -f /var/log/messages



浏览器打开虚拟ip访问：http://192.168.232.16:8080/ ，此时显示IP为192.168.232.134



服务器层的双机热备（比如服务器宕机、keepalived宕了）测试：



kill 192.168.232.134（master) 的keepalived进程

killall keepalived

134的日志信息如下：

Jun 11 18:03:10 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.232.16
Jun 11 18:03:15 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth1 for 192.168.232.16
Jun 11 19:30:44 localhost Keepalived: Terminating on signal
Jun 11 19:30:44 localhost Keepalived: Stopping Keepalived v1.2.2 (06/10,2014)
Jun 11 19:30:44 localhost Keepalived_vrrp: Terminating VRRP child process on signal
Jun 11 19:30:44 localhost Keepalived_healthcheckers: Terminating Healthchecker child process on signal



135的日志信息如下：

Jun 11 19:30:50 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.
Jun 11 19:30:50 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16
Jun 11 19:30:50 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 added
Jun 11 19:30:55 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16





刷新http://192.168.232.16:8080/ ， 此时显示IP为192.168.232.135。



再次启动192.168.232.134的keepalived进程，192.168.232.134会自动接管成为master，192.168.232.135自动转为backup，从测试结果看，备机能成功接管，已经实现了热备。



应用层（web）的双机热备（比如nginx进程被意外kill、web端口不通）试验：



关闭192.168.232.134（master) 的nginx服务：

service nginx stop



134的日志信息如下：

Jun 11 19:38:49 localhost Keepalived_vrrp: VRRP_Script(chk_http_port) failed
Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Received higher prio advert
Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering BACKUP STATE
Jun 11 19:38:51 localhost Keepalived_vrrp: VRRP_Instance(VI_1) removing protocol VIPs.
Jun 11 19:38:51 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 removed

135的日志信息如下：

Jun 11 19:38:52 localhost Keepalived_vrrp: VRRP_Instance(VI_1) forcing a new MASTER election
Jun 11 19:38:53 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Transition to MASTER STATE
Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Entering MASTER STATE
Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) setting protocol VIPs.
Jun 11 19:38:54 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16
Jun 11 19:38:54 localhost Keepalived_healthcheckers: Netlink reflector reports IP 192.168.232.16 added
Jun 11 19:38:59 localhost Keepalived_vrrp: VRRP_Instance(VI_1) Sending gratuitous ARPs on eth2 for 192.168.232.16



刷新http://192.168.232.16:8080/ ， 此时显示IP为192.168.232.135。



再次启动192.168.232.134的nginx进程，192.168.232.134会自动接管成为master，192.168.232.135自动转为backup，从测试结果看，备机能成功接管，已经实现了热备。


　　为什么主备的参数state都是MASTER，对的你没有看错确实要都设置成一样的，不然并不能实现我们想要的VIP漂浮的效果，我测试很久才发现的.state都设置成MASTER后，会根据priority的&#20540;大小竞争来决定谁是真正的MASTER，脚本检测也是在失败的时候会把权重减去相应的&#20540;，比如原来master（181）的priority=100，如果脚本检测到端口8088无法连接，就会priority-2=98，< S-B（150）的priority（99），此时 S-B（150） 将竞争成为master，这样就实现了web应用的热备。
　　


　　如果以上实验都没有问题了，那么就该nginx负载均衡的配置了，配置修改参见如下：http://blog.iyunv.com/e421083458/article/details/30086413



版权声明：本文为博主原创文章，未经博主允许不得转载。